google-keep-mcp
mcp
Warn
Health Warn
- License — License: NOASSERTION
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 7 GitHub stars
Code Pass
- Code scan — Scanned 5 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool is a Model Context Protocol (MCP) server that allows AI models and compatible clients to interact with your Google Keep notes. It provides capabilities to search, create, update, archive, and delete notes using natural language commands.
Security Assessment
Overall Risk: High. While the automated code scan found no dangerous patterns or hardcoded secrets, the nature of the tool requires extensive access to highly sensitive data. The server requires your Google Master Token to function. As explicitly warned in the documentation, this specific token effectively grants unrestricted access to your entire Google account, representing a massive security risk if leaked or mishandled. Furthermore, the tool inherently makes external network requests to Google's servers to read and write your private notes.
Quality Assessment
The project is actively maintained, with recent repository pushes, and comes with a clear, detailed README. However, community trust and visibility are currently very low. It only has 7 GitHub stars and lacks a clearly defined open-source license (marked as NOASSERTION). This means there are no explicit legal terms granting users permission to use or modify the code, which may be a concern for enterprise or commercial environments.
Verdict
Use with caution—while the lightweight codebase appears safe, the strict requirement of a Google Master Token introduces severe account-level security risks and requires extreme caution regarding where and how the tool is configured.
This tool is a Model Context Protocol (MCP) server that allows AI models and compatible clients to interact with your Google Keep notes. It provides capabilities to search, create, update, archive, and delete notes using natural language commands.
Security Assessment
Overall Risk: High. While the automated code scan found no dangerous patterns or hardcoded secrets, the nature of the tool requires extensive access to highly sensitive data. The server requires your Google Master Token to function. As explicitly warned in the documentation, this specific token effectively grants unrestricted access to your entire Google account, representing a massive security risk if leaked or mishandled. Furthermore, the tool inherently makes external network requests to Google's servers to read and write your private notes.
Quality Assessment
The project is actively maintained, with recent repository pushes, and comes with a clear, detailed README. However, community trust and visibility are currently very low. It only has 7 GitHub stars and lacks a clearly defined open-source license (marked as NOASSERTION). This means there are no explicit legal terms granting users permission to use or modify the code, which may be a concern for enterprise or commercial environments.
Verdict
Use with caution—while the lightweight codebase appears safe, the strict requirement of a Google Master Token introduces severe account-level security risks and requires extreme caution regarding where and how the tool is configured.
An MCP server for Google Keep notes
README.md
google-keep-mcp
An MCP server for Google Keep. Apply the power of AI to organize, update, or just export your Keep notes.
Features
Search/List Operations
find- Search for notes based on a query stringget_pinned_notes- Get pinned notes (with optional search)get_archived_notes- Get archived notes (with optional search)get_trashed_notes- Get trashed notes (with optional search)
Add Operations
create_note- Create a new note with title and text
Update Operations
update_note- Update a note's title and textset_note_color- Set the color of a note (12 colors available)archive_note- Archive a noteunarchive_note- Unarchive a noterestore_note- Restore a trashed note back to an active note
Delete Operations
delete_note- Mark a note for deletiondelete_archived_note- Permanently delete an archived note
Utility Operations
get_labels- Get all labels (with their usage count) for notesget_note_colors- Get available note colors and usage statistics
How to use
- Add the MCP server to your MCP servers:
"mcpServers": {
"google-keep-mcp": {
"command": "pipx",
"args": [
"run",
"google-keep-mcp"
],
"env": {
"GOOGLE_EMAIL": "Your Google Email",
"GOOGLE_MASTER_TOKEN": "Your Google Master Token"
}
}
}
- Add your credentials:
GOOGLE_EMAIL: Your Google account email addressGOOGLE_MASTER_TOKEN: Your Google account master token
Will you will need to create a master token (unless you have a Google Enterprise account, and can access the Google Keep API directly). Follow these steps:
- Goto https://myaccount.google.com/apppasswords and create an app password
- Run this docker command
docker run --rm -it breph/ha-google-home_get-tokenand enter your gmail address and app password (make sure it doesn't have a space at the end) - Obtain your master token. Be careful with this token, it has access to everything in your Google account.
[!TIP]
Stuck? Check https://github.com/leikoilja/ha-google-home/issues/890#issuecomment-2515002294, https://gkeepapi.readthedocs.io/en/latest/#obtaining-a-master-token and https://github.com/simon-weber/gpsoauth?tab=readme-ov-file#alternative-flow for more information.
Publishing
To publish a new version to PyPI:
- Update the version in
pyproject.toml - Build the package:
pipx run build - Upload to PyPI:
pipx run twine upload --repository pypi dist/*
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found